Description
A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.
Remediation
References
Related Vulnerabilities
XWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-46242)
Java Unspesificed Vulnerability (CVE-2018-2941)
WordPress Plugin SocialFit 'msg' Parameter Cross-Site Scripting (1.2.2)
WordPress Plugin My Tickets Security Bypass (1.9.11)
WordPress Plugin WordPress Gallery-NextGEN Gallery Cross-Site Request Forgery (3.28)